From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#58042: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Wed, 05 Oct 2022 09:34:30 +0200
Message-ID: <m2a66a3erd.fsf@Mini.fritz.box>
References: <m2zgeoc2d8.fsf@Mini.fritz.box> <m21qrnzmie.fsf@Mini.fritz.box>
 <83edvnv965.fsf@gnu.org> <m2tu4i3mxl.fsf@Mini.fritz.box>
 <83pmf6u76i.fsf@gnu.org> <m2ilky3ges.fsf@Mini.fritz.box>
 <83mtaau43p.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="16475"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: 58042@debbugs.gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Wed Oct 05 09:37:05 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ofyxk-00047f-Hx
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 09:37:04 +0200
Original-Received: from localhost ([::1]:38220 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1ofyxg-0000gW-N3
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 05 Oct 2022 03:37:01 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37230)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ofyvn-0000fy-A2
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 03:35:03 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:56702)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ofyvn-0003lD-21
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 03:35:03 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ofyvm-0000pw-Aw
 for bug-gnu-emacs@gnu.org; Wed, 05 Oct 2022 03:35:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 05 Oct 2022 07:35:02 +0000
Resent-Message-ID: <handler.58042.B58042.16649552823188@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 58042
X-GNU-PR-Package: emacs
Original-Received: via spool by 58042-submit@debbugs.gnu.org id=B58042.16649552823188
 (code B ref 58042); Wed, 05 Oct 2022 07:35:02 +0000
Original-Received: (at 58042) by debbugs.gnu.org; 5 Oct 2022 07:34:42 +0000
Original-Received: from localhost ([127.0.0.1]:55780 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1ofyvS-0000pL-0c
 for submit@debbugs.gnu.org; Wed, 05 Oct 2022 03:34:42 -0400
Original-Received: from mail-ed1-f47.google.com ([209.85.208.47]:39598)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <gerd.moellmann@gmail.com>) id 1ofyvN-0000p5-Ul
 for 58042@debbugs.gnu.org; Wed, 05 Oct 2022 03:34:40 -0400
Original-Received: by mail-ed1-f47.google.com with SMTP id y100so21298021ede.6
 for <58042@debbugs.gnu.org>; Wed, 05 Oct 2022 00:34:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; 
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date;
 bh=QxEEo+OsL6tZUHLcltK7uQGRJ3iDPaFj13DIcG871Nk=;
 b=ZKXFc9cC/FDKExyTMGhp6iNCL23I4TXe0IUATN0eGI/jgD6ESRIbN25k9D/hJmuzVF
 LYpSfB31bRu0TKrYAuXSIiU75NlzcOiS5trreXG2kfgn05s2PvKAxbvsLKfPTtyY3xPP
 9jassYlfv183S6f+bI/j9TXfCH13OeaVHSsMRnaPnTlg6JjTXBYlllg1V/p8J1zAVnxz
 dI9i6vWEgxnZT5WToXi2m0/emrFl8rX3twaxU6UFk7CdjR0Jcg7Eo0iL8JArvkvMp+z9
 3Eb7OmDlKtl2H6HNDaXbMUYt2xDkKzSldBJIorGllXzc8ZVyBixhR8kcxG76eZ3N1Lnb
 KxCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date;
 bh=QxEEo+OsL6tZUHLcltK7uQGRJ3iDPaFj13DIcG871Nk=;
 b=6bB9nvieN+J+a+FyAmNEus+3UOv/31aA2kT+jV8PAhyKsSQ6Q4+17wDfMh7HOLL11n
 Wq8kaRA+XWd8ssDn7Y0GqkSdsj4Wf9Bl3V4RuXc3uT60UoSRYsI2JUF63HujlWl4Fm/f
 +oy2lfD1hf749+d1Br89ufBLFWB6jArSb6m3NGyw/VoYNgpeAAn8hHqojHq4UYa88FDU
 fRVAyY5Q/OGxRWa1VqC6qGEuivztqIumgIUO3N4WDd5PYO52Hl3HXwNRVbyde3Q8HN54
 QY4hSoBAZSEGnLh78i2tD7AsSATXn8WkTqL7I1KDDXjaft2F1fF1kpL0O7l4jtlNMiyG
 O60g==
X-Gm-Message-State: ACrzQf0hEi45CloCLqES1Xj/p/xBtEBtbX4sMemmcG0QNqQ5WrYszE6c
 HYvUQGEr6a2zr9F2DvDVhdai/DmMPHSFLQ==
X-Google-Smtp-Source: AMsMyM51/PU2H3kCMXIeFu34cSPsRJOQeS/GVCr32JG3ZQL9jYvd+TcKLRgdSYdESXzYKRMXRs4Tmw==
X-Received: by 2002:a05:6402:500d:b0:459:3e56:e6f9 with SMTP id
 p13-20020a056402500d00b004593e56e6f9mr8912065eda.367.1664955271512; 
 Wed, 05 Oct 2022 00:34:31 -0700 (PDT)
Original-Received: from Mini.fritz.box (pd9e36cc6.dip0.t-ipconnect.de.
 [217.227.108.198]) by smtp.gmail.com with ESMTPSA id
 z6-20020a1709060f0600b0078238c1c182sm1811889eji.222.2022.10.05.00.34.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 05 Oct 2022 00:34:30 -0700 (PDT)
In-Reply-To: <83mtaau43p.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 05 Oct
 2022 10:22:34 +0300")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:244494
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/244494>

Eli Zaretskii <eliz@gnu.org> writes:

>> What I can see is that, apparently, redisplay got called because Emacs
>> received a MacOS event, and did a prepare_menu_bars etc etc.
>
> You mean, a macOS event can be received asynchronously, and will
> interrupt some processing in C, like inside regex-emacs.c?

If it can, I don't know.  But is the GC during redisplay is the one
moving the string, that would be the consequence, I think.

> If that can happen, no code in Emacs is safe, ever.  I don't believe
> this is possible: we no longer process window-system events
> asynchronously, AFAIK, and for this very reason.  But maybe macOS is
> different?  In that case, either we should change the macOS code to
> avoid doing that, or we should have some means of blocking such
> "interrupts" around specific code fragments, akin to block_input.

Yeah.  It would be good if that wouldn't happen ever, if it can.

If it can't happen, then the GC in redisplay that we see is not directly
related to all of this. and your question how redisplay can run while
matching is also off the table, I think.  I don't know a way how that
could happen.

But some GC must run and move strings around.  I don't know how else to
explain the invalid pointer.